-
CVE-2025-21613 – Go-Get Argument Injection Vulnerability
CVE ID : CVE-2025-21613 Published : Jan. 6, 2025, 5:15 p.m. | 3 hours, 44 minutes ago Description : go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to…
-
CVE-2025-21612 – TabberNeue Cross-Site Scripting
CVE ID : CVE-2025-21612 Published : Jan. 6, 2025, 4:15 p.m. | 4 hours, 45 minutes ago Description : TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn’t escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability…
-
CVE-2025-21611 – Tgstation-Server Authorization Bypass
CVE ID : CVE-2025-21611 Published : Jan. 6, 2025, 4:15 p.m. | 4 hours, 45 minutes ago Description : tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR’d instead of AND’ed with the role used to determine if a user was enabled. This allows…
-
CVE-2024-5594 – OpenVPN PATH Injection Vulnerability
CVE ID : CVE-2024-5594 Published : Jan. 6, 2025, 2:15 p.m. | 6 hours, 45 minutes ago Description : OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which attackers can use to inject unexpected arbitrary data into third-party executables or plug-ins. Severity: 9.1 | CRITICAL Visit the link for more details, such as CVSS details, affected…
-
Vulnerable Moxa devices expose industrial networks to attacks
Vulnerable Moxa devices expose industrial networks to attacks Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impact various models of its cellular routers, secure routers, and network securi … Read more Published Date: Jan 06, 2025 (3 hours, 44 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2024-9140…
-
Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs
Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs New variants of the Eagerbee malware framework are being deployed against government organizations and internet service providers (ISPs) in the Middle East. Previously, the malware was seen in attacks … Read more Published Date: Jan 06, 2025 (6 hours, 5 minutes ago) Vulnerabilities has been mentioned in this…
-
MediaTek rings in the new year with a parade of chipset vulns
MediaTek rings in the new year with a parade of chipset vulns MediaTek kicked off the first full working week of the new year by disclosing a bevy of security vulnerabilities, including a critical remote code execution bug affecting 51 chipsets. The fabless semi … Read more Published Date: Jan 06, 2025 (6 hours, 32 minutes ago)…
-
Best Courses for Java Developers
Tired of the same predictable and monotonous Java tutorials? So was I. I used to think all Java courses were the same. Endless tutorials where someone talks about getters and setters in a monotonous, robotic voice while you put all of your effort into just trying to stay awake. After months of intensive research and…
-
Insecure Bootstrap Process in Google’s Cloud SQL Proxy
Summary The bootstrap process for Google’s cloud SQL Proxy CLI uses the “curl | bash” pattern and didn’t document a way to verify authenticity of the downloaded binaries. The vendor updated documentation with information on how to use checksums to verify the downloaded binaries. Vulnerability Details As part of our ongoing research into supply chain…
-
RFC 9116 / “security.txt” Has Been Published
After 5 years of work, security.txt is officially an RFC. I am pleased to announce RFC 9116: https://t.co/uIqSRo28ak. I would like to use this opportunity to thank those who made this possible. Thank you. pic.twitter.com/Z8SNxd81ZO — Ed (@EdOverflow) April 27, 2022 See: https://www.rfc-editor.org/rfc/rfc9116 Go to Source